[Openswan Users] no preshared key found error

matt.bazan at comcast.net matt.bazan at comcast.net
Thu Oct 7 12:26:23 EDT 2010


thanks just figured it out .. connection entry was wrong.  should look like:

conn SF-To-Trenton
  authby=secret
  left=69.xx.xx.xx
  leftsubnet=192.168.0.0/24
  leftnexthop=%defaultroute
  right=173.xx.xx.xx
  rightsubnet=192.168.10.0/24
  rightnexthop=%defaultroute
  auto=start

-m
----- "Randy Wyatt" <rwyatt at nvtl.com> wrote:

> For the ipsec.secrets file, try
> 
> @sf.xx.com @trenton.xx.com : PSK "mypassword"
> 
> Regards,
> Randy
> 
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of matt.bazan at comcast.net
> Sent: Thursday, October 07, 2010 8:59 AM
> To: users at openswan.org
> Subject: [Openswan Users] no preshared key found error
> 
> hi all - getting following error on my site-to-site VPN tunnel:
> 
> Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: ignoring unknown Vendor ID payload [4f456d406b6753464548407f]
> Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [Dead Peer Detection]
> Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [RFC 3947] method set to=109
> Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
> Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
> Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
> Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: responding to Main Mode
> Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: Can't authenticate: no preshared key found for `@sf.xx.com' and `@trenton.xx.com'.  Attribute OAKLEY_AUTHENTICATION_METHOD
> Oct  7 09:33:05 ubuntuFW pluto[23546]: last message repeated 11 times
> Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: no acceptable Oakley Transform
> Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: sending notification NO_PROPOSAL_CHOSEN to 173.xx.xx.xx:500
> Oct  7 09:33:31 ubuntuFW pluto[23546]: "SF-To-Trenton" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
> Oct  7 09:33:31 ubuntuFW pluto[23546]: "SF-To-Trenton" #1: received and ignored informational message
> 
> not sure what the deal is this is a very basic setup.  two ubuntu 10.4 servers w/ public IPs.  here's ipsec.conf:
> 
> 
> @ubuntuFW:/etc$ sudo vi ipsec.conf
>         #
>         # NAT-TRAVERSAL support, see README.NAT-Traversal
>         nat_traversal=yes
>         # exclude networks used on server side by adding %v4:!a.b.c.0/24
>         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>         # OE is now off by default. Uncomment and change to on, to enable.
>         oe=off
>         # which IPsec stack to use. netkey,klips,mast,auto or none
>         protostack=netkey
> 
> 
> # Add connections here
> conn SF-To-Trenton
>         authby=secret
>         left=69.xx.xx.xx
>         leftsubnet=192.168.0.0/24
>         leftid=@sf.xx.com
>         leftnexthop=%defaultroute
>         right=173.xx.xx.xx
>         rightsubnet=192.168.10.0/24
>         rightid=@trenton.xx.com
>         auto=start
> 
> # sample VPN connection
> # for more examples, see /etc/ipsec.d/examples/
> #conn sample
> #               # Left security gateway, subnet behind it, nexthop toward right.
> #               left=10.0.0.1
> #               leftsubnet=172.16.0.0/24
> #               leftnexthop=10.22.33.44
> #               # Right security gateway, subnet behind it, nexthop toward left.
> #               right=10.12.12.1
> #               rightsubnet=192.168.0.0/24
> #               rightnexthop=10.101.102.103
> #               # To authorize this connection, but not actually start it,
> #               # at startup, uncomment this.
> #               #auto=start
> 
> ..and here's ipsec.secrets file:
> 
> # RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
> # This file holds shared secrets or RSA private keys for inter-Pluto
> # authentication.  See ipsec_pluto(8) manpage, and HTML documentation.
> 
> # RSA private key for this host, authenticating it to any other host
> # which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
> # or configuration of other implementations, can be extracted conveniently
> # with "ipsec showhostkey".
> 69.xx.xx.xx 173.xx.xx.xx : "mysecret"
> 

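The mismatch behind this thread, as an added example that is not part of the original messages or of Openswan: when leftid/rightid are set, the PSK is looked up under those IDs rather than the peer addresses, so a secrets entry indexed by IP is never found. The function names are hypothetical and the matching rule is a simplified model of pluto's lookup (exact index match, `%any`/`0.0.0.0` wildcards, or an empty index list).

```python
import re

# Values taken from the thread (already redacted there); used only as opaque tokens.
CONF_WITH_IDS = """conn SF-To-Trenton
  authby=secret
  left=69.xx.xx.xx
  leftid=@sf.xx.com
  right=173.xx.xx.xx
  rightid=@trenton.xx.com
"""
CONF_NO_IDS = "\n".join(l for l in CONF_WITH_IDS.splitlines() if "id=" not in l)
SECRETS_BY_IP = '69.xx.xx.xx 173.xx.xx.xx : "mysecret"\n'
SECRETS_BY_ID = '@sf.xx.com @trenton.xx.com : PSK "mypassword"\n'
# Index list, a colon, then a quoted secret with an optional PSK keyword.
SECRET_RE = re.compile(r'^(?P<ids>.*?)\s*:\s+(?:PSK\s+)?"[^"]*"\s*$')

def parse_conn(conf_text, name):
    """Return the key=value options of one `conn` section of ipsec.conf."""
    opts, active = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section headers start in column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def lookup_ids(conn):
    """IDs the PSK is looked up under: leftid/rightid if set, else the addresses."""
    return (conn.get("leftid") or conn.get("left"),
            conn.get("rightid") or conn.get("right"))

def psk_index_sets(secrets_text):
    """Index sets of the PSK entries in ipsec.secrets; the secrets are not returned."""
    return [set(m.group("ids").split())
            for raw in secrets_text.splitlines()
            if not raw.lstrip().startswith("#")
            and (m := SECRET_RE.match(raw.strip()))]

def find_psk(conf_text, secrets_text, conn_name):
    """Return ((local_id, peer_id), found) for the named connection."""
    ids = lookup_ids(parse_conn(conf_text, conn_name))
    wild = {"%any", "0.0.0.0"}
    for idx in psk_index_sets(secrets_text):
        if not idx or all(i in idx or idx & wild for i in ids):
            return ids, True
    return ids, False
```

Both fixes from the thread make `find_psk` succeed: dropping leftid/rightid so the lookup falls back to the addresses, or re-indexing the secret by the IDs.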